Win32/Patched.ED Trojan

Discussion in 'malware problems & news' started by wndovie, Feb 8, 2010.

Thread Status:
Not open for further replies.
  1. wndovie

    wndovie Registered Member

    Joined:
    Feb 8, 2010
    Posts:
    1
    A colleague's system is infected with the following:

    Object: W:\WINDOWS\SYSTEM32\WS2_32.DLL
    Threat: Win32/Patched.ED trojan

    I attempted to remove the virus using NOD32 but that did not yield anything. Then I ran Malwarebytes on the system but it found no infections.

    Has anyone encountered this virus? And how did you manage to get rid of it permanently?

    Thanks in advance.

    Wn
     
  2. Helm_local

    Helm_local Registered Member

    Joined:
    Feb 15, 2009
    Posts:
    12
    Hi,

    I've just had a call about this same threat and I am about to investigate it.

    From what I've been told, the threat is spotted by ESET when the user launches Firefox. When the remove/delete option is chosen, nothing happens; it returns when Firefox is re-launched. Firefox is NOT usable.

    Likewise, Malwarebytes does not find it.

    I'm off to the user now, I'll update this post later.

    Mike
     
  3. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    540
    Replace WS2_32.DLL with a clean copy from your Windows CD.
     
  4. Helm_local

    Helm_local Registered Member

    Joined:
    Feb 15, 2009
    Posts:
    12
    I'm guessing that the Trojan has modified the WS2_32.dll with some malicious code?

    Replacing the file with a clean copy makes sense, however, how do we know whether the Trojan's code has done more damage to the PC or downloaded other stuff to it?



    Mike
     
  5. sysedit

    sysedit Registered Member

    Joined:
    Mar 28, 2010
    Posts:
    1
    I found this same trojan in my system and it seems no one has found a way to rid their systems of it. Only very few results are shown with what we are dealing with, this being one of them. I have tried to replace the ws2_32.dll but it is in use in Windows. I tried going to safe mode, get a glimpse of a blue screen and my PC restarts itself. My next step is to try a Windows repair. I will advise if this works. I'd prefer not to do a reinstall but if I must, I will go to 7. I will post back to let you know of the results.
     
  6. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    You'll find what you're after searching - replace inuse system file.
     